Mac attack: OS X Yosemite hit by zero-day vulnerability

What was that about Macs not being targeted again?


There's some bad news for Mac owners today, as it has emerged that the latest version of OS X (Yosemite) has a major zero-day vulnerability which is being exploited to access computers (with no need for any system password) and directly install malware on machines.

This is another prime example of how, as Apple's computers become more popular, malware authors are looking to exploit unwary users who still believe OS X is a safe haven never troubled by viruses and similar nastiness.

How does this particular exploit work? As Ars Technica reports, it comes down to new error-logging capabilities added in OS X 10.10, which the programmers implemented without the standard safeguards.

Security firm Malwarebytes said that malware pushers are modifying the 'sudoers' configuration file (a hidden Unix file) to get themselves root permissions via a Unix shell with no password necessary – simple and direct access to the machine.
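A defender-side check for the kind of sudoers tampering described above, added here as an example and not code from Malwarebytes or the article: it runs over a constructed sudoers sample, flags any rule granting sudo without a password and any directive that pulls in extra rule files, and checks that the file's ownership and mode are what sudo expects.

```python
import re
import stat

# Constructed sample /etc/sudoers: the root and %admin rules mirror the
# stock OS X entries; the last line is the kind of passwordless grant an
# installer would append to get root without prompting.
SAMPLE_SUDOERS = """\
# sudoers file.
Defaults env_reset
root    ALL = (ALL) ALL
%admin  ALL = (ALL) ALL
#includedir /private/etc/sudoers.d
ALL     ALL = (ALL) NOPASSWD: ALL
"""

# user spec: "<user> <host> = [(<runas>)] [TAG:] <commands>"
USER_SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")
SKIP = ("Defaults", "Cmnd_Alias", "User_Alias", "Host_Alias", "Runas_Alias")


def audit_sudoers(text):
    """Return (line_no, user, reason) for every rule that grants sudo without
    a password and for every directive that pulls in extra rule files."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("#include", "@include")):   # extra rule sources
            findings.append((no, None, "includes extra rules: " + line))
        elif not line or line.startswith("#") or line.startswith(SKIP):
            continue
        else:
            m = USER_SPEC.match(line)
            if m and "NOPASSWD:" in m.group(4):
                findings.append((no, m.group(1), "passwordless sudo: " + m.group(4)))
    return findings


def permission_issues(mode, uid):
    """sudoers should be root-owned and 0440; sudo complains about looser files."""
    issues = []
    if uid != 0:
        issues.append("not owned by root")
    if stat.S_IMODE(mode) != 0o440:
        issues.append("mode is %04o, expected 0440" % stat.S_IMODE(mode))
    return issues


if __name__ == "__main__":
    for no, user, reason in audit_sudoers(SAMPLE_SUDOERS):
        print("line %d (%s): %s" % (no, user or "-", reason))
```

On a real machine the same functions can be fed the contents and `os.stat` result of /etc/sudoers and each file under /etc/sudoers.d.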

The company explained in a blog post that the malware peddlers are using the exploit to launch the VSInstaller app, and then installing VSearch adware on the victim's machine, as well as a “variant of the Genieo adware and the MacKeeper junkware.”

Clearly this flaw is bad news, as is the fact that Apple hasn't yet patched it in the current version of OS X (10.10.4), according to Stefan Esser, who discovered the vulnerability (and, according to Malwarebytes, rather hastily blogged about it before informing Apple). Apparently it has been fixed in a beta version of OS X 10.11, though.

To fix this on the current incarnation of Apple's operating system, you'd need to install a patch produced by Esser, but applying a fix from a third party like this will of course carry its own potential risks.

You're better off waiting for the official fix from Cupertino, and remember that you have to actually install a dodgy third-party program (which hasn't been code-signed) carrying the script to be affected by this exploit.